Engineering, Security & Privacy

Apple's famous Super Bowl ad that introduced the Macintosh computer assured us that the year 1984 would not be like Orwell's 1984. Instead of slavishly lining up to do the bidding of, and be under total surveillance by, Big Brother, we were assured we were entering a new age of personal freedom, creativity, and autonomy.

Fast forward a quarter century, and now Apple's iProducts -- and others -- have instead established the infrastructure for a total surveillance state that tracks everything we say, do, read, write; and traces everywhere we go, who we go with, and what we do when we get there.

Yet even after the Snowden documents proved what many long suspected, we continue to send our private lives into "the cloud" knowing that NSA meteorologists are tracking it.

But what are we to do? Go back to postal mail? Or stop hanging out with distant friends and family members on Skype? Not gonna happen.

Not only are our communications tracked, but there is also the possibility that a convoluted NSA algorithm might eventually put together an offhand reference you made to the Koran in a 1998 email, along with a later search for Persian rugs, and still later an expressed interest in the history of the atomic bomb, and conclude that you are connected to Iran's nuclear program. And you, of course, would never know why you are now on a no-fly list.

Before the communications revolution made it so easy for private correspondence to be monitored by the state, the right to privacy had never been explicitly enshrined as a human right, except by inference.

Perhaps the most specific statement in US history is the Fourth Amendment to the Constitution (1792), which affirms "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures..."

But the framers of the Bill of Rights could no more imagine email, cookies, Facebook Likes, and Google searches than the authors of the Second Amendment could image AK-47s and Saturday Night Specials.

So in the space of only 20 years, everyone in the connected world has awakened to the fact that s/he has no clearly spelled out right to privacy in any of her or his thoughts, words, or actions. The entire contents of our lives are open to the state, and to commercial firms whose databases are in turn hacked by state security systems. And Moore's Law will only increase that intrusiveness in coming years.

Why bring that up in an electronics publication? Isn't this a matter for lawyers and civil libertarians? Indeed, but it was also the ingenuity of tens, probably hundreds, of thousands of electronic, computer, and software engineers whose development of the Internet yielded these unintended consequences.

Without overlooking the legitimate needs for the state to track bad actors before they can commit bad actions, there must be a limit to that surveillance. Security achieved at the loss of any personal privacy is no security at all.

And there is something very disingenuous about the fact that emails between 10-year-olds are no longer private, yet someone who is seriously deranged can buy a high-powered weapon and carry it around in a public space with no oversight. Is this electronic surveillance meant to protect us, or cow us into a state of total, dispirited submission?

We are long overdue for a national discussion on privacy, and like it or not, the electronics industry, which has seldom been asked to consider the social consequences of its work, will soon find itself at the center of this storm, and asked to devise protocols and filters that can distinguish between signals of information from "bad actors" and the noise of the actions of billions of people who just want to get on with their lives.

As citizens are made to see themselves merely as perpetual suspects in an ill-defined and unending "war on terror," respect for the law will diminish. Which will only make the security state bureaucracy even more paranoid, and in need of even bigger budgets, staffs, and powers.

Engineers and others in the digital industry can be rightly proud of the many, many benefits their work has made possible. It would be a shame to see that effort eventually perceived by the public not as liberating and enlightening, but as intimidating and threatening. Like it or not, the engineering enterprise will soon find itself immersed in "humanistic" affairs.

There are patches that sophisticated consumers can use to cover themselves, like Tor and DuckDuckGo, but it is going to take an industry-wide systemic approach to really address this issue. And technology companies in particular have every reason to want secure transmissions, so their own IP (Intellectual Property) doesn't get cribbed and disseminated using the other IP (Internet Protocol).

Great piece, Tom. Somebody had to write this, and I am glad you penned it.

We do need a better legal (and political) framework to ensure citizens' privacy. But instead, with little engagement in political and legislative processes, it almost feels like the entire tech industry has already olled over. It is a shame.

Interesting comment from a friend who visited St Petersburg -- he happended to go on a tour that included the KGB station house there -- The tour guide indicated that you could see Siberia via the back door.

The reality is that we could obliterate hundreds of thousands of people before any electronics other than a few telegraphs existed -- The US civil war cost more lives than any conflict the US has been in before, or since. It seems that rather than just agreeing to disagree about the issues and trying to benevolently govern, the country, and leadership is becoming quite divided over many issues.

Electronic surveilence is a two edged sword like any technology -- It can just as easily be used to harm the inocent, as to stop a tragedy. I myself find that most of my communications I use to work with is under constant attack from a variety of sources. If one does work related to exports to one country -- several others will use any means to stop the work. If one does work for a US company then foriegn companies try and stop the work and so on.